Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Backports:SLE-15
podofo
0010-Fix-CVE-2017-5855-CVE-2018-5296-NULL-point...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0010-Fix-CVE-2017-5855-CVE-2018-5296-NULL-pointer-dereference-in-PoDoFo-PdfParser-ReadXRefSubsection.patch of Package podofo
Subject: Fix CVE-2017-5855: NULL pointer dereference in PoDoFo::PdfParser::ReadXRefSubsection Url: https://sourceforge.net/p/podofo/code/1843/ Throw PoDoFo's Out of memory exception when resize of std::vector fails when reading XRef content. Fixes: CVE-2017-5855, CVE-2018-5296 --- a/podofo/trunk/src/base/PdfParser.cpp +++ b/podofo/trunk/src/base/PdfParser.cpp @@ -779,6 +779,7 @@ PODOFO_RAISE_ERROR_INFO( ePdfError_ValueOutOfRange, "xref subsection's given entry numbers together too large" ); + try { #ifdef _WIN32 m_nNumObjects = static_cast<long>(nFirstObject + nNumObjects); m_offsets.resize(static_cast<long>(nFirstObject+nNumObjects)); @@ -786,7 +787,9 @@ m_nNumObjects = nFirstObject + nNumObjects; m_offsets.resize(nFirstObject+nNumObjects); #endif // _WIN32 - + } catch (std::bad_alloc &ex) { + PODOFO_RAISE_ERROR( ePdfError_OutOfMemory ); + } } else {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor